
security-permissions-review

Use when changes touch auth, permissions, secrets, env files, deploy config, external messages, data export/import, production DB writes, or customer-visible behavior; surfaces sensitive-path findings + approval-required list. Do NOT use as general code review.
fusebase-dev/fusebase-flow · ★ 2 · Code & Development · score 81
Install: claude install-skill fusebase-dev/fusebase-flow
# Security & Permissions Review

## Purpose

Targeted review for changes that touch security-sensitive surfaces. Distinct from general `code-review` because the failure modes (credential leak, auth bypass, customer data exposure) have different response thresholds — even non-blocking findings here may require approval gates.

## When to invoke

- Diff touches: auth middleware, permission checks, role/scope code, login/logout flows
- Diff touches: `.env`, secrets handling, credential storage, encryption code
- Diff adds: outbound external messages (email, SMS, webhooks, public posts), customer-facing notifications
- Diff adds: data export, bulk import, customer data movement
- Diff adds: production DB writes outside the established repository pattern
- Diff modifies: deploy config, CI/CD pipeline, infra-as-code
- Operator says "security review" / "is this safe re: auth?" / "check for secret leaks"

## Do not invoke when

- Diff is purely UI/styling/copy with no auth/data surface
- Diff is in-test-only changes
- Diff is a documentation-only commit
- A higher-priority skill is mid-flight and the operator wants this as a follow-up — file a backlog ticket

## Required inputs

| Input | Where it lives | If missing |
|---|---|---|
| Diff | `git diff <baseline>..HEAD` | Stop; ask which diff to review |
| Sensitive paths config | `policies/protected-paths.yml` (auth + secrets sections) | Use built-in defaults from policy template; flag policy as needing customization |
| Secret patter
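The invoke / do-not-invoke rules and the sensitive-path findings above, as an added triage example that is not part of the skill or the fusebase-flow project: it classifies the changed paths of a diff against protected-path globs. The category-to-glob layout, the exempt patterns and the set of categories that require approval are assumptions, since the page does not show the schema of `policies/protected-paths.yml`.

```python
import fnmatch

# Constructed stand-in for the auth and secrets sections of
# policies/protected-paths.yml; the real file's schema is not shown on the page,
# so this category -> glob-pattern layout is an assumption.
PROTECTED_PATHS = {
    "auth": ["src/auth/*", "src/middleware/auth*", "src/permissions/*"],
    "secrets": [".env", ".env.*", "config/credentials*", "src/crypto/*"],
    "deploy": [".github/workflows/*", "deploy/*", "terraform/*"],
}
# Categories whose findings land on the approval-required list (assumed policy).
APPROVAL_REQUIRED = {"auth", "secrets"}
# Paths that never trigger the review on their own ("Do not invoke" rules):
# documentation-only and test-only changes.
EXEMPT_PATTERNS = ["docs/*", "*.md", "tests/*", "*.test.*", "*_test.*"]

def _matches(path, patterns):
    # fnmatch's '*' also matches '/', so "src/auth/*" covers nested files.
    return any(fnmatch.fnmatchcase(path, p) for p in patterns)

def triage_diff(changed_paths):
    """Return the invoke decision, reason, sensitive-path findings and the
    approval-required categories for a list of changed file paths."""
    findings = {}      # category -> paths that matched it
    substantive = []   # changed paths that are neither docs nor tests
    for path in changed_paths:
        if _matches(path, EXEMPT_PATTERNS):
            continue
        substantive.append(path)
        for category, patterns in PROTECTED_PATHS.items():
            if _matches(path, patterns):
                findings.setdefault(category, []).append(path)
    if not substantive:
        reason, invoke = "docs/tests only", False
    elif not findings:
        reason, invoke = "no protected path touched", False
    else:
        reason, invoke = "protected paths touched", True
    return {
        "invoke": invoke,
        "reason": reason,
        "findings": findings,  # empty whenever invoke is False
        "approval_required": sorted(c for c in findings if c in APPROVAL_REQUIRED),
    }

# Constructed file list standing in for `git diff --name-only <baseline>..HEAD`.
SAMPLE_CHANGED_PATHS = [
    "src/auth/session.py", ".env.production", "src/ui/button.css",
    "docs/runbook.md", "tests/test_session.py",
]
```

On the sample list the auth and secrets categories fire and both land on the approval-required list, while the docs and test files are ignored; a diff made up only of such files yields `invoke: False`.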